comments_test.rb
1.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
require File.dirname(__FILE__) + '/test_helper'
class CommentsTest < ActiveSupport::TestCase
def setup
login_api
end
should 'not list comments if user has no permission to view the source article' do
person = fast_create(Person)
article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
assert !article.published?
get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
assert_equal 403, last_response.status
end
should 'not return comment if user has no permission to view the source article' do
person = fast_create(Person)
article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
comment = article.comments.create!(:body => "another comment", :author => user.person)
assert !article.published?
get "/api/v1/articles/#{article.id}/comments/#{comment.id}?#{params.to_query}"
assert_equal 403, last_response.status
end
should 'not comment a article if user has no permission to view it' do
person = fast_create(Person)
article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
assert !article.published?
post "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
assert_equal 403, last_response.status
end
should 'return comments of an article' do
article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
article.comments.create!(:body => "some comment", :author => user.person)
article.comments.create!(:body => "another comment", :author => user.person)
get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal 2, json["comments"].length
end
end